How to Configure Cisco IPSec VTI?
How to Configure Cisco IPSec VTI?
IPSec VTIs (Virtual Tunnels Interfaces) simplifies the configuration of a VPN compared to using crypto maps or GRE IPSec Tunnels. A benefit of using VTIs does not require of tying a configuration to a physical interface, rather allowing bespoke configuration per VTI. You can use a dynamic routing protocol (EIGRP, OSPF etc) or QoS defined per VTI.
The IPsec VTI allows for the flexibility of sending and receiving both IP unicast and multicast encrypted traffic on any physical interface, such as in the case of multiple paths.
Traffic is encrypted or decrypted when it is forwarded from or to the tunnel interface and is managed by the IP routing table.
Using IP routing to forward the traffic to the tunnel interface simplifies the IPsec VPN configuration compared to the more complex process of using access control lists (ACLs) with the crypto map in native IPsec configurations. DVTIs function like any other real interface so that you can apply quality of service (QoS), firewall, and other security services as soon as the tunnel is active.
Practical Example of how to configure IPSec VTI?
This provides a sample configuration for a virtual tunnel interface (VTI)
with IP Security (IPSec). This configuration uses RIP version 2 routing
protocol to propagate routes across the VTI. With a VTI, VPN traffic is
forwarded to the IPSec virtual tunnel for encryption and then sent out of the
physical interface.
=============================================================
Good Luck
Comments
Post a Comment